Thursday, October 28, 2010

Technology & Risk Management: Growing Hacking Risk Facing Law Firms

The much-publicized data breach at one law firm highlights the issue of external attacks against firm information systems. A reader forwarded an interesting article published in the ABA Journal: "Cyberspace Under Siege." The author explores the threat of external intrusion attacks: “Law firms are likely targets for attacks seeking to steal information off computer systems.”

A key factor raising the profile of law firms as desirable hacker targets is the concentration of sensitive business information they store:
  • “If I want to know about Boeing and I hack into Boeing, there are a billion files about Boeing,” Paller says. “But if I go to Boeing’s international law firm, they’re perfect. They’re like gold. They have exactly what I’m looking for. You reduce your effort.”
Clients are increasingly asking more specific questions about law firm IT practices to address these risks. While industry standards are presently somewhat vague, these threats create serious liability concerns, notes Stewart Baker, a partner at Steptoe & Johnson:
  • “If a security breach involves sensitive information handled by a law firm and someone finds it on a server headed to a foreign government, then the [U.S.] government will have some very awkward questions for the company that was the source of the information and the law firm that was the source of the information.”
This is another area worth the shared attention of both risk and IT stakeholders.

Chicago Risk Roundtable Meeting (November)

The Risk Roundtable Initiative will host a panel discussion on Tuesday, November 2nd in Chicago on the topic: "Making the Business Case for Investing in Risk Management." The panel comprises several risk experts:
  • Ann Ostrander, Sr. Director of Loss Prevention, Kirkland & Ellis LLP
  • Beth Chiaiese, Director of Loss Prevention, Foley & Lardner LLP
  • Pat Archbold, Head of Risk Practice Group, IntApp
  • Neil Araujo, CEO, Autonomy iManage
These speakers will explore topics including:
  • Communicating the implications and potential exposure tied to the expanding legal risk landscape
  • Explaining the value and importance of the risk organization and its efforts across the firm
  • Cultivating cross-functional advocates – framing and aligning risk efforts with other organizational goals and objectives
  • Understanding the value of and making the case for several types of "investments" – including management mindshare, budget, staff resources and technology tools
For more information, see the Risk Roundtable web site or email info@riskroundtable.com.

Wednesday, October 27, 2010

Tennessee Adopts Changes to Rules of Professional Conduct, Including Screening

[h/t to Legal Ethics Forum, via Professional Responsibility blog]. Tennessee has adopted changes to its Rules of Professional Conduct, including updates reflecting changes to the ABA Model Rules. With regard to ethical screening of lawyers moving among firms: "...the new rule does not permit screening when a lawyer 'side-switches' while the case is pending, but it does appear to permit screening in other cases." The new rules are set to go into effect January 1, 2011. More details on the Tennessee Bar web site.

Tuesday, October 26, 2010

Another Hidden Law Firm Conflict? Wilson Sonsini on the Hot Seat...

Following word that another firm just faced a $150 million jury verdict tied to an alleged conflict, comes a story of another law firm facing conflicts allegations. This time a client alleges that Wilson Sonsini hid a conflict of interest as it represented a direct competitor. [PDF of Complaint.]

Organizations competing in the marketplace aren't necessarily adverse under the classic legal definition of "conflict." However, situations of "business conflicts," which may or may not trigger lawyer duties to recuse themselves, tend to raise client concerns nevertheless. This is particularly true in matters of intellectual property, where lawyers may be exposed or have access to sensitive confidential information from both parties.

In this case, Wilson Sonsini was representing two companies in patent prosecution matters. As The Recorder notes:
  • "Wilson Sonsini never asked Existence Genetics for a waiver to represent a direct competitor, the suit says. Wilson Sonsini also never told Existence Genetics that Navigenics had filed a competing patent, when it had informed the company about other competitors' patent filings."
  • "Before being retained though, Norviel told the company's CEO that he had checked for conflicts of interest and found none. A year later, the company claims, a junior associate at Wilson Sonsini "let slip" that the firm also represented a direct competitor, Navigenics Inc. The company then discovered that Wilson Sonsini was the agent on a Navigenics' patent published in early 2009, and now believes the firm represented other competitors as well."

Apparent Law Firm Conflict Results in $105 Million Malpractice Verdict Against Baker & McKenzie

A Mississippi jury just awarded a former Baker & McKenzie client a $105 million verdict:
  • "S. Lavon Evans Jr. had claimed in his Mississippi lawsuit that the law firm had represented him at the same time it represented his partner in an oil-rig drilling business, the Chicago Tribune  reports. The suit says Evans was unaware that his partner was insolvent and was using Evans’ assets to obtain millions of dollars in loans. MS Litigation Review and Commentary had early news of the verdict."
More detail via the Chicago Tribune:
  • "Cagle introduced Evans to his attorney, Held, whom Evans retained. And for the next several years, Cagle and Evans engaged in various business ventures, including construction of two drilling rigs while Held represented both men."
  • "When Evans tried to dissolve the business relationship, Cagle and his attorneys 'instituted a litigation strategy to bring Evans to his knees,' the suit alleged. Cagle and his various companies accused Evans of stealing the rigs out from under him and obtained a restraining order to intimidate Evans into handing his assets over to Cagle, the suit said."

Monday, October 25, 2010

Law Firm Information Risk Management: Coping with Info Overload in an Electronic (and Often Public) World

The publication last week of the 2010 International Workplace Productivity Survey highlights the extend to which law firm personnel increasingly struggle with information overload. More details are available on the survey web site, but a few key findings are worth noting in the context of risk management:
  • "...legal professionals across the globe are struggling to cope with a flood of information which has only grown in size since the economic downturn."
  • "Two-thirds of legal professionals, 66%, wish they could spend less time organizing, and more time using, the information that comes their way."
  • "A large majority...admit to deleting or discarding work information without fully reading it."
This brings to mind a true story where information overload directly intersected with risk, first described on a Risk Roundtable Risk Bulletin. In this case, one lawyer's overload (and public flaunting of the fact), opened a firm to significant potential exposure.

The story actually highlights the risks of information overload along with the dangers of internet social media sites. Here, a lawyer at an AmLaw 100 firm posted an update on their personal MySpace blog site that was observed by unexpected eyes. Here's an excerpt of what they wrote for anyone on the internet to read:
  • “An associate just walked by my office… and she asked how it felt to have an ethical wall being built around me… I had no idea what the hell she was talking about. So she says she's referring to the firm-wide email… I responded that I guess I hadn't read it because I always immediately delete all my junk mail, and she pointed out that just because something is sent to the ‘all-attorney’ email list doesn't mean its junk mail… Whatever. DELETE!”
To read the complete back story and the complete post see the 2007 Risk Bulletin: "Ethical Walls and Attorney Screening."
 
Clearly, no firm would want to find itself having to explain why a lawyer publicly admitted to not reading screening memoranda while defending a disqualification motion... That's why firms often turn to technology to combat information overload.
 
In this case, confidentiality software is used to track affirmative acknowledgment of important policies like screening memoranda (with repeat reminders and management escalation facing those who overlook a notice or don't respond in a timely manner). There may not be an easy way to cut down on the volume information, but new approaches provide added protections for ensuring that important details aren't lost in the deluge.

Friday, October 22, 2010

SRA Code of Conduct Revision -- Final Issue Paper and Call for Comment Online

The SRA just published an issue paper that presents its final call for consultation and input as it moves to publish an updated regulatory framework which will going into effect next year: "This consultation is the last opportunity for comments on the SRA's new Handbook which will underpin the regulation of solicitors and law firms from October 2011."

The paper includes additional proposed changes to the SRA Code of Conduct and other rules. To date, the SRA has received 83 formal responses by affected and interested parties to its past calls for input.

Antony Townsend, Chief Executive of the SRA, stated: "Our programme to transform regulation remains on track for 2011. The reforms will help us identify and concentrate on the areas of highest risk, help firms focus on the quality of service to consumers, and bring greater flexibility for well-managed firms, enabling them to deliver services in ways suited to their clients and type of business."

See the SRA web site for the complete issue paper, and instructions on how to submit a formal response for consideration.

Tuesday, October 19, 2010

ABA 20/20 Commission Hearing on Client Confidentiality and Lawyers' Use of Technology (Part 2)

As mentioned previously [see part 1], the ABA Commission recently held a hearing on the issue of Client Confidentiality and Lawyers' Use of Technology. A PDF of submitted testimony and exhibits speakers testifying at the hearing, see the ABA web site. Here is a brief summary of other issues raised by participants:
  • Todd Flaming, a partner at Schopf & Weiss, discussed what form of action he thought appropriate for the Commission to take, given the changes technology has brought to information management by law firms. Mr. Flaming described the change from all paper to almost all electronic data handling practices: "In the history of the world, this change happened in the blink of an eye. And the change seems to be accelerating." He advocated for the creation of a centralized, constantly-updated online library which could provide guidance, advice and standards information regarding lawyer and law firm use of technology. In particular, he called out the need to educate lawyers about the implications of new technologies, particularly non-technical lawyers. (Or, as he concisely put it, those who do not "speak Klingon.")
  • A representative from Clio provided specific recommendations for security and confidentiality standards which should be followed by "cloud" service providers -- companies that provide web-based, hosted services that story law firm information (e.g. email or document management).
  • Representatives from Total Attorneys and the Legal Marketing Association addressed the issue of lawyer advertising and use of social media. Today new forms of advertising (like search engine-managed text ads, referral programs and testimonial sites) redefine what is and is not "advertising" according to current rules. Speakers suggested that the ABA should make rules more flexible to take into account new advertising and new communication technologies, and the corresponding growth in layperson understanding of these media: "More generally, LMA urges the Commission to propose guidelines and amendments to the Model Rules that are balanced between protecting consumers of legal services, and allowing the legal profession to communicate truthfully about the scope and availability of legal services."

Monday, October 18, 2010

ABA 20/20 Commission Hearing on Client Confidentiality and Lawyers' Use of Technology (Part 1)

Last week, the ABA Commission held a hearing on the issue of Client Confidentiality and Lawyers' Use of Technology. The Commission is charged with reviewing ABA Model Rules of Professional Conduct and other regulatory rules affecting law firms in order to develop policy recommendations in response to changes in technology and global legal practices. In a draft issue paper, the Commission set out the modern realities of information risk management:
  • “When data was strictly in hard copy form, lawyers could easily discern how to satisfy their professional obligations and did not need elaborate ethical guidance. Now that data is predominantly in electronic form, however, the necessary precautions are more difficult to identify.”
Five speakers were invited to testify at the hearing, including Brian Lynch from IntApp and the Risk Roundtable Initiative. Mr. Lynch explored how technology creates new information risk management challenges for law firms, which face an expanding and evolving set of confidentiality drivers. These drivers include ethical screens necessitated by lateral hires, more stringent client outside counsel guidelines, and regulations such as the HITECH Act, ITAR and several data privacy laws. He these issues noting:
  • "Increasingly, law firms discover that the use of electronic information management tools (for example, document management, records, electronic time entry, enterprise search) creates confidentiality challenges. Many of these technologies are designed to make internal information easily accessible within the firm in order to enable re-use and knowledge sharing. However, open access to information also presents new risks and challenges."
  • "Given the growing volume of information stored electronically, more and more firms are using search software internally, dramatically increasing the chance that sensitive information, previously thought obscured from internal eyes, will be accessed inappropriately. Importantly, confidentiality breaches typically don’t stem from malfeasance, with so much information and so many policies to keep track of, human error is usually the biggest risk to control."
  • "The ABA can play a vital role in helping the legal community understand the changing confidentiality management landscape, prudent steps they should take, and standards they should follow to best protect themselves and their clients."
For more information on the ABA Ethics 20/20 Commission and a PDF of submitted testimony and exhibits speakers testifying at the hearing, see the ABA web site.

Sunday, October 17, 2010

Canadian Decision: Disqualification Denied -- Lawyer Changing Firms, No Imputation, Ethical Screen

Hat tip to Bill Freivogel for pointing out a recent decision by the Ontario Superior Court of Justice: Basque v. Stranges, 2010 ONSC 5605 (Ont. Super. Ct. Oct. 12, 2010). A lawyer left a firm who represented a client he eventually found himself defending another party against. As Freivogel summarizes: "The court noted that there was no showing that Lawyer had any knowledge whatsoever about the plaintiff or her case."

In its analysis, the court relied heavily on the Canadian Supreme Court decision on conflicts, disqualification and ethical screening, MacDonald Estate v. Martin. The judge noted the no sharing of confidential information could be demonstrated or could otherwise likely be assumed. And found that even if the lawyer in question had in fact been exposed to confidential information, the firm's procedures for confidentiality were sufficient.
  • [46] In my opinion, Graham’s relationship with Chown Cairns during the period... was not sufficiently connected to his retainer by The Dominion of Canada General Insurance Company one year later so as to raise the inference that confidential information was imparted. During the overlap period, there would have been no reason for confidential information regarding the plaintiff’s case to have been divulged to, or obtained by, Graham. Graham had no involvement in the plaintiff’s case (or knowledge of its existence) during the overlap period and this is wholly consistent with his role at Chown Cairns during that time. And, furthermore, there is no evidence of confidential information having been imparted to Graham during the overlap period.
For one, it could not be demonstrated that the lawyer had any exposure to the plaintiff or the lawyers at his previous firm who were representing the plaintiff prior to his departure. The lawyer left the firm 35 days after the plaintiff first consulted the firm.

Secondly, in this case the plaintiff, who changed counsel during the course of the matter, argued that the confidentiality practices of her first law firm, which internally screening its own lawyers in some instances, were insufficient to prevent the imputation of knowledge to a lawyer not working on the case.

The judge disagreed: "This protocol, while not elaborate, was in place for many years and appears to have been effective (although the relevant question to be asked is whether it was effective in the circumstances of this case)." Because the original firm was small, the judge excused the lack of written policies, geographic separation or other more rigorous screening measures. Instead, he concluded that if a party were determined to explicitly seek out restricted confidential information, he would have been able to do so -- but that nothing in this case suggested the lawyer at hand had acted in this inappropriate manner, which was the applicable standard in this situation.

Thursday, October 14, 2010

Articles: Lawyer Lateral Movement, Conflicts, Ethical Screens and Advance Waivers

 
A reader pointed out several interesting articles published in the Boston Bar Journal:
  • In: "Lateral Movement of Lawyers in Massachusetts -- Conflicts, O’Donnell, and the Future Under Amended ABA Model Rule 1.10," several ethics and loss prevention lawyers at Holland & Knight comment on whether that state should adopt Model Rule 1.10 and broaden screening latitude. While they express some concerns with the Model Rule, they conclude: "Despite its problems, amended Model Rule 1.10 would be an improvement over the current Massachusetts Rule and the outcome in O’Donnell. The bright-line approach of amended Model Rule 1.10, which allows screens to be erected in most cases of lateral lawyer movement, is preferable to the uncertainty created by the Massachusetts 'substantial involvement' and 'substantial material information' exceptions. Massachusetts’ adoption of amended Model Rule 1.10 would likely prevent law firm disqualification in the majority of cases involving private-sector lateral lawyer movement, including in 'close' cases like O’Donnell."
  • In: "Advance Conflict Waivers: Will They Work For You?" representatives from Wilmer Hale explore how waivers can benefit firms and the clients they serve: "Given the growing number of firms providing legal services in a wide variety of practice areas, advance waivers will become an even more essential and standard practice. When properly drafted, and fully and candidly explained, they will provide important benefits to firms and their clients."
  • In response to that article, a representative from Harvard University wrote a letter to the Journal, challenging the notion that waivers benefit clients: "It may be self evident, but is worth emphasizing, that the premise of this language is that there is in fact a conflict which, absent the client’s consent, would prevent the lawyer from representing one or both of the adverse parties. In plain English, this waiver is intended to permit the lawyer to undertake work that could otherwise be prohibited.... Blanket waivers help protect firms from the consequences of missing or not recognizing conflicts. The other purpose, of course, is that advance waivers reduce an important obstacle to taking on new business."

Tuesday, October 12, 2010

Proper Ethical Screening Protects Firm from Disqualification (Lawyer Changes Sides Mid-Case)

 
The Legal Ethics Forum notes Bill Frievogel's excellent commentary on a decision just handed down denying a disqualification motion in: Silicon Graphics, Inc. v. ATI Technologies, Inc., 2010 U.S. Dist. LEXIS 107057 (W.D. Wis. Oct. 5, 2010). The complete decision is available online here.

The judge described the history of the suit as "long and contentious." Over 100 motions have been filed. This most recent issue concerns a disqualification attempt, calling out a lawyer who worked for a firm that represented the plaintiff in the same matter (Morgan Lewis), prior to joining the firm representing the defendant (Robins Kaplan).

The lawsuit was filed in 2006. The attorney in question left Morgan Lewis, joined Hogan Lovells and then moved to Robins Kaplan in the fall of 2009.

The defending firm noted that the attorney was screened from the matter -- he was located in a different office from the team (New York vs. Minneapolis) and proper ethical screening measures were put in place to ensure no information was communicated. These included circulating an internal memoranda to relevant personnel and restricting access to both physical as well as electronic files "...by a computer security protocol that prevents Leichtman from viewing or searching those records."

The plaintiff was also notified regarding the situation and the screen in the fall of 2009. Interestingly, the lawyer first asked the plaintiff for consent and a waiver. The plaintiff did not respond to the request. Upon further review of applicable rules, the ethics partner at Robins Kaplan determined that consent was not required. The firm provided notice to the plaintiff that the lateral move would take place and a screen would be erected .

The plaintiff argued that the lawyer performed significant work for its client and that a screen could not rebut the presumption of information sharing. The judge disagreed, noting, among several factors:
  •  "...law firms may avoid imputation through appropriate screening mechanisms regardless of the scope of the work performed for the former client by the disqualified lawyer."
  • "With respect to plaintiff’s motion for disqualification, I conclude that screening is an appropriate method to address concerns about confidentiality when a lawyer changes law firms in the middle of a case, even if the lawyer performed a substantial amount of work for the former client."
  • "Because plaintiff does not raise any serious challenges to the screening conducted in this case, plaintiff’s motion to disqualify Robins Kaplan will be denied."

Thursday, October 7, 2010

Upcoming Risk Roundtable Meeting

The Risk Roundtable Initiative will host a panel discussion on Tuesday, November 2nd in Chicago on the topic: "Making the Business Case for Investing in Risk Management." The panel comprises several risk experts:
  • Ann Ostrander, Sr. Director of Loss Prevention, Kirkland & Ellis LLP
  • Beth Chiaiese, Director of Loss Prevention, Foley & Lardner LLP
  • Pat Archbold, Head of Risk Practice Group, IntApp
  • Neil Araujo, CEO, Autonomy iManage
These speakers will explore topics including:
  • Communicating the implications and potential exposure tied to the expanding legal risk landscape
  • Explaining the value and importance of the risk organization and its efforts across the firm
  • Cultivating cross-functional advocates – framing and aligning risk efforts with other organizational goals and objectives
  • Understanding the value of and making the case for several types of "investments" – including management mindshare, budget, staff resources and technology tools
For more information, see the Risk Roundtable web site or email info@riskroundtable.com.

Tuesday, October 5, 2010

Wednesday Risk Roundup -- Connecting Risk Management and Revenue, Lateral Hiring News & More

  • At our new partner site, the Law Firm Finance Blog, Brian Lynch considers the intersection between risk and revenue: "Is Your Law Firm Leveraging Compliance to Boost Revenue?" He writes: "Traditionally, risk management has been in the business of saying 'no.; Today, effective risk and compliance measures can enable firms to say 'yes' more frequently," in ways that can positively impact business development, client satisfaction and overall firm financial performance.
  • Another timely article following last week's discussion of lateral hiring trends and associated risk issues. This time, the Legal Intelligencer comments on firm recruitment from government sources: "Government Lawyers Sought After as Law Firm Laterals," noting the skills and experience former prosecutors bring to the firm: "A former AUSA brings a level of inside perspective and credibility to a case that can be attractive to a client, according to Nourian." And, as others note, firms clearly see value here and are willing to pay for it, see another recent online discussion: "Why Do AUSAs Make So Much Money When They Go To Private Practice?" Importantly, firms that hire former government lawyers must take care to screen those resources appropriately, both from matters in which they had involvement, or in cases where firms engage in government relations or lobbying efforts.
  • Finally, from the UK, Legal Risk LLP published it's latest risk newsletter, which comments on insurance renewal and coverage trends in that market, particularly in light of evolving industry professional responsibility (SRA outcomes-focused regulations) and impending alternative firm ownership rules.